πŸ” CVE Alert

CVE-2023-7101

HIGH 7.8 ⚠️ CISA KEV

Arbitrary Code Execution (ACE) Vulnerability

CVSS Score
7.8
EPSS Score
0.0%
EPSS Percentile
0th

Spreadsheet::ParseExcel version 0.65 is a Perl module used for parsing Excel files. Spreadsheet::ParseExcel is vulnerable to an arbitrary code execution (ACE) vulnerability due to passing unvalidated input from a file into a string-type β€œeval”. Specifically, the issue stems from the evaluation of Number format strings (not to be confused with printf-style format strings) within the Excel parsing logic.

CWE CWE-95
Vendor douglas wilson
Product spreadsheet::parseexcel
Published Dec 24, 2023
Last Updated Oct 21, 2025
⚠️ Actively Exploited β€” Act Now

Get instant alerts for douglas wilson spreadsheet::parseexcel

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2023-7101.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

Douglas Wilson / Spreadsheet::ParseExcel
0.65

References

NVD β†— CVE.org β†— EPSS Data β†—
github.com: https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2023/MNDT-2023-0019.md https: https://https://www.cve.org/CVERecord?id=CVE-2023-7101 https: https://https://metacpan.org/dist/Spreadsheet-ParseExcel https: https://https://github.com/haile01/perl_spreadsheet_excel_rce_poc github.com: https://github.com/jmcnamara/spreadsheet-parseexcel/blob/c7298592e102a375d43150cd002feed806557c15/lib/Spreadsheet/ParseExcel/Utility.pm#L171 openwall.com: http://www.openwall.com/lists/oss-security/2023/12/29/4 lists.debian.org: https://lists.debian.org/debian-lts-announce/2023/12/msg00025.html https: https://https://github.com/jmcnamara/spreadsheet-parseexcel/commit/bd3159277e745468e2c553417b35d5d7dc7405bc lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/[email protected]/message/IFEHKULQRVXHIV7XXK2RGD4VQN6Y4CV5/ lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/[email protected]/message/M2FIWDHRYTAAQLGM6AFOZVM7AFZ4H2ZR/ security.metacpan.org: https://security.metacpan.org/2024/02/10/vulnerable-spreadsheet-parsing-modules.html cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-7101

Credits

Le Dinh Hai (https://github.com/haile01/perl_spreadsheet_excel_rce_poc/tree/main) πŸ” Barracuda Networks Inc. https://www.barracuda.com/